Analysis
max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags
arch:x64 arch:x86 image:win7-20230703-en locale:en-us os:windows7-x64 system
submitted
09-07-2023 16:05
Behavioral task
behavioral1
Sample
84ae6b82c9fb59exeexeexeex.exe
Resource
win7-20230703-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
84ae6b82c9fb59exeexeexeex.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
84ae6b82c9fb59exeexeexeex.exe
Size
335KB
MD5
84ae6b82c9fb5905c8753edf066a805d
SHA1
354e72ba08cef416e7d12bd28b62833b82bc89d1
SHA256
ccac0c07a252a1ff2717dd8a78fc5dc7560df7c4ee623866d16a6168cebd1b49
SHA512
212faeffb70a583d23abdd63af8bc38993053961d6c3cdee93f0223f205cc13c4fab918b9ea86b62da813434b49f7a73b4fd1cfe3d113d00ef03ab7c6ade4739
SSDEEP
6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTw10qhh4BAjrt:qtUGfVwUFzRG6EQ0POfiTTw0qoAjrt
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
2024  3052        WerFault.exe  84ae6b82c9fb59exeexeexeex.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
84ae6b82c9fb59exeexeexeex.exe
description                       pid   process                        target process
PID 3052 wrote to memory of 2024  3052  84ae6b82c9fb59exeexeexeex.exe  WerFault.exe
PID 3052 wrote to memory of 2024  3052  84ae6b82c9fb59exeexeexeex.exe  WerFault.exe
PID 3052 wrote to memory of 2024  3052  84ae6b82c9fb59exeexeexeex.exe  WerFault.exe
PID 3052 wrote to memory of 2024  3052  84ae6b82c9fb59exeexeexeex.exe  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\84ae6b82c9fb59exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\84ae6b82c9fb59exeexeexeex.exe"
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 120
  - Program crash